AU2012293712B2 - Method for managing and checking data from different identity domains organized into a structured set - Google Patents

Method for managing and checking data from different identity domains organized into a structured set

Info

Publication number
AU2012293712B2
Authority
AU
Australia
Prior art keywords
identity
derived
identity data
person
managing
Prior art date
Legal status
Active
Application number
AU2012293712A
Other versions
AU2012293712A1 (en)
Inventor
Julien Bringer
Herve Chabanne
Alain PATEY
Current Assignee
Idemia Identity and Security France SAS
Original Assignee
Morpho SA
Priority date
2011-08-09
Filing date
2012-08-02
Publication date
2016-07-21
Events
Application filed by Morpho SA
Publication of AU2012293712A1
Application granted
Publication of AU2012293712B2
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider of the derived-identity domain, on the basis of information derived from identity data of one or more parent domains. The way the identity data is generated ensures that, in the absence of link information, two authentications in two separate domains cannot be linked to the same person. When needed, a parent domain transmits such link information to a derived-identity server so that the latter can establish the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. to revoke a person in cascade across the various domains.
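The abstract describes an architecture rather than a concrete construction. The Python model below is an added illustration written for this page, not code from the patent or from Morpho/Idemia: it instantiates the derived-identity idea with HMAC-SHA256 used as a pseudorandom function under a per-edge secret that only the parent domain's management server holds (the patent's classifications point at group signatures, certificates and biometric keys, which this toy model does not implement). The domain names (`state`, `health`, `bank`, `clinic`), the tree shape, the random root identity and all function names are assumptions for the example. It shows the three properties the abstract claims: a derived server receives identity data computed from parent-domain information, identity data of the same person in sibling domains cannot be linked without the parent's secret, and the parent can push link information downward to revoke a person in cascade through a multi-level hierarchy.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def derive_identity(edge_secret: bytes, parent_identity: bytes) -> bytes:
    """Derive the identity data a child domain receives from its parent.

    HMAC-SHA256 keyed with a secret that only the parent's management server
    holds. Treated as a PRF, the outputs for one person in two sibling domains
    are indistinguishable from independent random values to anyone without
    that secret, so an authentication in domain A cannot be linked to one in
    domain B. (Assumption of this example; the patent's own construction differs.)
    """
    return hmac.new(edge_secret, parent_identity, hashlib.sha256).digest()


@dataclass
class IdentityDomain:
    """One node of the structured set of domains (a tree in this example)."""
    name: str
    # identity data known in this domain -> revoked flag
    registry: dict = field(default_factory=dict)
    children: list = field(default_factory=list)
    # per-child derivation secret; the parent alone can compute link information
    edge_secrets: dict = field(default_factory=dict)

    def add_child(self, child: "IdentityDomain") -> "IdentityDomain":
        self.children.append(child)
        self.edge_secrets[child.name] = secrets.token_bytes(32)
        return child

    def enroll(self, identity: bytes) -> dict:
        """Register a person here and cascade derived identity data downward.

        Returns {domain name: identity data as hex} for this domain and every
        descendant, which is all an enrolling client gets to see.
        """
        self.registry[identity] = False
        issued = {self.name: identity.hex()}
        for child in self.children:
            child_identity = derive_identity(self.edge_secrets[child.name], identity)
            issued.update(child.enroll(child_identity))
        return issued

    def authenticate(self, identity: bytes) -> bool:
        """What a service provider of this domain checks: enrolled and not revoked."""
        return identity in self.registry and not self.registry[identity]

    def link_information(self, child: "IdentityDomain", identity: bytes) -> bytes:
        """Link information a parent hands to a child: the child-side identity data
        of the same person, recomputed with the parent's edge secret. It reveals
        neither the parent-side identity data nor the secret itself."""
        return derive_identity(self.edge_secrets[child.name], identity)

    def revoke(self, identity: bytes) -> list:
        """Revoke here, then cascade by sending each child its link information."""
        if identity not in self.registry:
            return []
        self.registry[identity] = True
        touched = [self.name]
        for child in self.children:
            touched += child.revoke(self.link_information(child, identity))
        return touched

    def can_link(self, child: "IdentityDomain", parent_identity: bytes,
                 child_identity: bytes) -> bool:
        """Only a holder of the edge secret can confirm that parent-side and
        child-side identity data belong to the same person."""
        return hmac.compare_digest(self.link_information(child, parent_identity),
                                   child_identity)


def demo() -> dict:
    """Build a three-level hierarchy (constructed for this example), enroll one
    person, check unlinkability, then revoke in cascade from the root."""
    state = IdentityDomain("state")                      # root domain
    health = state.add_child(IdentityDomain("health"))   # derived from state
    bank = state.add_child(IdentityDomain("bank"))       # derived from state
    clinic = health.add_child(IdentityDomain("clinic"))  # derived from a derived domain

    root_identity = secrets.token_bytes(32)              # constructed root identity data
    issued = state.enroll(root_identity)
    derived = {n: bytes.fromhex(issued[n]) for n in ("health", "bank", "clinic")}
    pairs = [(health, derived["health"]), (bank, derived["bank"]), (clinic, derived["clinic"])]

    before = all(d.authenticate(i) for d, i in pairs)
    distinct = len(set(derived.values())) == 3
    parent_links = state.can_link(health, root_identity, derived["health"])
    # An outsider without the edge secret can only guess a key; the guess will not match.
    outsider_links = derive_identity(secrets.token_bytes(32), root_identity) == derived["health"]
    cascade = state.revoke(root_identity)                # link info flows state -> health -> clinic, state -> bank
    after = any(d.authenticate(i) for d, i in pairs)
    return {"distinct": distinct, "before": before, "parent_links": parent_links,
            "outsider_links": outsider_links, "cascade": cascade, "after": after}
```

Two caveats follow from the model. Unlinkability is conditional: it holds only against parties that do not hold the edge secret, so the parent domain is a full linking authority and must be trusted accordingly. And the link information sent for revocation is exactly the child-side identity data, so the child learns which of its own records to revoke but nothing about the parent-side identity data; a scheme that instead shipped the parent identity or the edge secret downward would destroy the separation between domains.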

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR1157261 2011-08-09
FR1157261A FR2979044B1 (en) 2011-08-09 2011-08-09 Method for managing and checking data from different identity domains organized into a structured set
PCT/EP2012/065153 WO2013020890A1 (en) 2011-08-09 2012-08-02 Method for managing and checking data from different identity domains organized into a structured set

Publications (2)

Publication Number Publication Date
AU2012293712A1 (en) 2014-03-27
AU2012293712B2 (en) 2016-07-21

Family

ID=46639494

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2012293712A Active AU2012293712B2 (en) 2011-08-09 2012-08-02 Method for managing and checking data from different identity domains organized into a structured set

Country Status (11)

Country Link
US (1) US9407637B2 (en)
EP (1) EP2742645B1 (en)
JP (2) JP2014529124A (en)
CN (1) CN103858377B (en)
AU (1) AU2012293712B2 (en)
BR (1) BR112014003054B1 (en)
CA (1) CA2844762C (en)
FR (1) FR2979044B1 (en)
IL (1) IL230870A (en)
RU (1) RU2602785C2 (en)
WO (1) WO2013020890A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3005185B1 (en) * 2013-04-30 2015-04-17 Morpho Method for generating at least one derived identity
EP3257194B1 (en) 2015-02-11 2020-04-15 Visa International Service Association Systems and methods for securely managing biometric data
US10069824B2 (en) 2015-05-12 2018-09-04 Branch Banking And Trust Company Biometric signature authentication and centralized storage system
RU2739262C1 (en) * 2020-04-05 2020-12-23 Эрвью.ТВ, Инк. Information presentation control method
US11824896B2 (en) 2020-04-06 2023-11-21 Exonym GmbH Cross-service rulebook management in a dynamic and adversarial environment
US11962573B2 (en) 2021-10-26 2024-04-16 Genetec Inc System and method for providing access to secured content field

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1164745A2 (en) * 2000-06-09 2001-12-19 TRW Inc. System and method for usage of a role certificate in encryption, and as a seal, digital stamp, and a signature
WO2009028794A2 (en) * 2007-08-24 2009-03-05 Electronics And Telecommunication Research Institute Method for providing anonymous public key infrastructure and method for providing service using the same
US20100310070A1 (en) * 2007-12-21 2010-12-09 Morpho Generation and Use of a Biometric Key

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7028180B1 (en) * 2000-06-09 2006-04-11 Northrop Grumman Corporation System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature
US6993596B2 (en) * 2001-12-19 2006-01-31 International Business Machines Corporation System and method for user enrollment in an e-community
FR2834598B1 (en) * 2002-01-04 2004-02-20 France Telecom Method and device for anonymous signature using a shared private key
US7793095B2 (en) * 2002-06-06 2010-09-07 Hardt Dick C Distributed hierarchical identity management
WO2005116794A1 (en) * 2004-05-28 2005-12-08 Koninklijke Philips Electronics N.V. License management in a privacy preserving information distribution system
US7315941B2 (en) * 2004-12-17 2008-01-01 Ntt Docomo Inc. Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity
JP4727353B2 (en) * 2005-09-06 2011-07-20 株式会社Kddi研究所 Identification information generation management device, system, and program
CN101039182B (en) * 2007-03-07 2010-08-11 广东南方信息安全产业基地有限公司 Authentication system and method for issuing user identification certificate
CN101272395B (en) * 2008-05-20 2012-07-11 北京交通大学 Hierarchical access control method of communication network
US20100122080A1 (en) 2008-11-11 2010-05-13 Electronics And Telecommunications Research Institute Pseudonym certificate process system by splitting authority
US8024777B2 (en) * 2008-11-20 2011-09-20 Mark Kevin Shull Domain based authentication scheme

Also Published As

Publication number Publication date
JP2018137788A (en) 2018-08-30
US20140181932A1 (en) 2014-06-26
CN103858377B (en) 2017-02-22
FR2979044B1 (en) 2013-08-30
IL230870A0 (en) 2014-03-31
EP2742645A1 (en) 2014-06-18
BR112014003054B1 (en) 2022-04-12
US9407637B2 (en) 2016-08-02
JP2014529124A (en) 2014-10-30
RU2602785C2 (en) 2016-11-20
CN103858377A (en) 2014-06-11
IL230870A (en) 2017-09-28
CA2844762C (en) 2020-07-28
FR2979044A1 (en) 2013-02-15
BR112014003054A2 (en) 2017-02-21
RU2014106962A (en) 2015-09-20
CA2844762A1 (en) 2013-02-14
AU2012293712A1 (en) 2014-03-27
JP6688823B2 (en) 2020-04-28
EP2742645B1 (en) 2018-10-03
WO2013020890A1 (en) 2013-02-14

Similar Documents

Publication Publication Date Title
AU2012293712B2 (en) Method for managing and checking data from different identity domains organized into a structured set
WO2012142045A3 (en) Multiple tokenization for authentication
MX337986B (en) Systems, methods, and computer program products for managing secure elements.
WO2012096791A3 (en) Methods and systems for distributing cryptographic data to authenticated recipients
GB2495448A (en) Security model for workflows aggregating third party secure services
WO2013113025A3 (en) Authenticating entities engaging in automated or electronic transactions or activities
WO2013134290A3 (en) Digital content delivery
BR112016017947A2 (en) METHOD IMPLEMENTED BY COMPUTER, ACCESS DEVICE, AND SYSTEM
GB2502736A (en) System and method for analyzing messages in a network or across networks
WO2014015100A3 (en) Systems and methods for validating treatment instructions
WO2012098543A3 (en) System and method for computerized negotiations based on coded integrity
GB2518099A (en) Systems and methods for identity authentication using a social network
WO2010011919A3 (en) Http authentication and authorization management
GB2509278A (en) Network user identification and authentication
MY168469A (en) Systems and methods for enhancement of single sign-on protection
WO2011106404A3 (en) Multifactor authentication using a directory server
MX362308B (en) Method and system for verifying an access request.
GB2513753A (en) Consolidating disparate cloud service data and behavior based on trust relationships between cloud services
MX2018003580A (en) Acceleration of online certificate status checking with an internet hinting service.
MX346982B (en) Injection data management system and method.
FI20115184A0 (en) Method and apparatus for measuring unit cohesion
NZ702250A (en) Network based management of protected data sets
GB2513070A (en) Confidential information access via social networking web site
MY184704A (en) A system and method for authenticating a user based on user behaviour and environmental factors
PH12014502072A1 (en) Method and system using a cyber id to provide secure transactions

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)